Josephine Suganthi, Sunnyvale US

Josephine Suganthi, Sunnyvale, CA US

Patent application number

Description

Published

20080225718

Systems and Methods for Providing Global Server Load Balancing of Heterogeneous Devices - The present invention provides improvements to load balancing by providing a load balancing solution that distributes a load among a plurality of heterogenous devices, such as different types of local load balancers, using metrics collected from the different devices. The load balancing appliance collects metrics from heterogenous devices using a network management protocol and communication model, such as a Simple Network Management Protocol (SNMP). These heterogenous device metrics are available on the load balancing appliance with appliance determined metrics and metrics obtained by the appliance from homogenous devices using a metric exchange protocol. Via a configuration interface of the appliance, a user can select one or more of these different metrics for global load balancing. As such, the load balancing appliance described herein obtains a multitude of metrics from the different devices under management. Additionally, the load balancing appliance described herein provides great flexibility in allowing the user to configure the global load balancer based on the user's understanding of these multitudes of metrics and to take into account the different characteristics and behaviors of the heterogenous devices.

09-18-2008

20090300407

SYSTEMS AND METHODS FOR LOAD BALANCING VIA A PLURALITY OF VIRTUAL SERVERS UPON FAILOVER USING METRICS FROM A BACKUP VIRTUAL SERVER - The present invention provides methods and systems for performing load balancing via a plurality of virtual servers upon a failover using metrics from a backup virtual server. The methods and systems described herein provide systems and methods for an appliance detecting that a first virtual server of a plurality of virtual servers having one or more backup virtual servers load balanced by an appliance is not available, identifying that at least a first backup virtual server of the one or more backup virtual servers of the first virtual server is available, maintaining a status of the first virtual server as available in response to the identification, obtaining one or more metrics from the first backup virtual server of the one or more backup virtual servers, and determining the load across the plurality of virtual servers using the metrics obtained from the first backup virtual server associated with the first virtual server.

12-03-2009

20100036951

SYSTEMS AND METHODS FOR DYNAMIC DECENTRALIZED LOAD BALANCING ACROSS MULTIPLE SITES - A method for enabling decentralized dynamic load balancing among a plurality of appliances providing access to a plurality of sites, each site comprising a local area network and at least one server includes: determining, by a first appliance, a first number of services currently available for access via a local area network connected to the first appliance; receiving, by the first appliance from a second appliance, a communication indicating a second number of services currently available for access via a local area network connected to the second appliance; receiving, by the first appliance, a plurality of requests to connect to a service; determining, by the first appliance, a weight to be assigned to the second appliance, wherein the determination is responsive to the second number; and forwarding, by the first appliance to the second appliance, a subset of the plurality of requests, wherein the number of requests comprising the subset is determined in response to the determined weight. Corresponding systems are also described.

02-11-2010

20100131639

Systems and Methods For GSLB Site Persistence - The present invention provides systems and methods for maintaining site persistence in a hierarchical Global Server Load Balancing (GSLB) deployment. Via configuration of GSLB services locally and remotely on each of the GSLB appliances and LB appliances at a site, a site appliance identifies and associates requests from the GSLB with the site. Furthermore, the site appliance may receive a GSLB cookie with the client request and confirm the request is from the expected GSLB in the site hierarchy. When the load balancer receives a response from a server, the appliance may include the GSLB cookie with the response back to the client. The appliance may also include an LB cookie to identify the server selected by the LB. When the client sends another request, the request may include the GSLB and LB cookie. With this information, the GSLB and LB appliance may maintain site persistence for the client as well as server persistence at the site.

05-27-2010

20100131960

Systems and Methods for GSLB Based on SSL VPN Users - The present invention provides a system and a method for global server load balancing of a plurality of sites based on a number of Secure Socket Layer Virtual Private Network (SSL VPN) users. The SSL VPN users may access servers at each of the plurality of sites. A global server load balancing virtual server (GSLB) may receive a request to access a server. The GSLB virtual server may load balance a plurality of sites wherein each of the plurality of sites may further comprise a load balancing virtual server load balancing users accessing servers via an SSL VPN session. GSLB may receive from a first load balancing virtual server at a first site, a first number of current SSL VPN users accessing servers from the first site via SSL VPN sessions. The GSLB may also receive from a second load balancing virtual server at a second site, a second number of current SSL VPN users of the users accessing servers from the second site via SSL VPN sessions. GSLB may determine to forward the request to one of the first load balancing virtual server of the first site or the second load balancing virtual server of the second site by load balancing SSL VPN users across the plurality of sites based on the first number of current SSL VPN users and the second number of current SSL VPN users.

05-27-2010

20100138534

SYSTEMS AND METHODS FOR MONITOR AN ACCESS GATEWAY - The present invention is directed towards systems and methods for monitoring an access gateway. The systems and methods include monitors on appliances that generate and send requests to logon agents or login page services on access gateways. Based on the responses from the logon agents or login page services, the monitors determine whether the logon agents or login page services are available.

06-03-2010

20100191851

METHOD AND APPLIANCE FOR USING A DYNAMIC RESPONSE TIME TO DETERMINE RESPONSIVENESS OF NETWORK SERVICES - In a method and appliance for determining responsiveness of a service via a particular protocol, a device intermediary to a plurality of clients and a plurality of services determines response times from each of a plurality of services to respond to requests via a first type of protocol of a plurality of protocols. The device calculates an average response time for the first type of protocol from each of the response times of the plurality of services. The device establishes a predetermined threshold for which a response time of a service for the first type of protocol may deviate from the average response time. The device identifies a service as available responsive to determining that a deviation of the response time of the service from the average response falls within the predetermined threshold.

07-29-2010

20110153937

SYSTEMS AND METHODS FOR MAINTAINING TRANSPARENT END TO END CACHE REDIRECTION - The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifies that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection. The intermediary transmits to the server the request identifying the client IP address as the source IP address and the server IP address as the destination IP address.

06-23-2011

20110222535

Systems and Methods for Routing VPN Traffic Around Network Distribution - Methods for using a client agent to route client requests among a plurality of appliances using transport layer information include the steps of: establishing, by a client agent executing on a client, a first transport layer connection with a first appliance of a plurality of appliances, the first appliance providing access to one or more servers; establishing, by a client agent executing on the client, a second transport layer connection with a second appliance of a plurality of appliances, the second appliance providing access to one or more servers; intercepting, by the client agent, a packet transmitted by the client; selecting, by the client agent, one of the connections to transmit the intercepted packet based on a characteristic of at least one of: the transport layer connections, the plurality of appliances, or the servers; and transmitting the intercepted packet via the selected connection.

09-15-2011

20120072588

SYSTEMS AND METHODS FOR LOAD BALANCING VIA A PLURALITY OF VIRTUAL SERVERS UPON FAILOVER USING METRICS FROM A BACKUP VIRTUAL SERVER - The present invention provides methods and systems for performing load balancing via a plurality of virtual servers upon a failover using metrics from a backup virtual server. The methods and systems described herein provide systems and methods for an appliance detecting that a first virtual server of a plurality of virtual servers having one or more backup virtual servers load balanced by an appliance is not available, identifying that at least a first backup virtual server of the one or more backup virtual servers of the first virtual server is available, maintaining a status of the first virtual server as available in response to the identification, obtaining one or more metrics from the first backup virtual server of the one or more backup virtual servers, and determining the load across the plurality of virtual servers using the metrics obtained from the first backup virtual server associated with the first virtual server.

03-22-2012

20120226804

SYSTEMS AND METHODS FOR SCALABLE N-CORE STATS AGGREGATION - The present invention is directed towards systems and methods for aggregating and providing statistics from cores of a multi-core system intermediary between one or more clients and servers. The system may maintain in shared memory a global device number for each core of the multi-core system. The system may provide a thread for each core of the multi-core system to gather data from the corresponding core. A first thread may generate aggregated statistics from a corresponding core by parsing the gathered data from the corresponding core. The first thread may transfer the generated statistics to a statistics log according to a schedule. The system may adaptively reschedule the transfer by monitoring the operation of each computing thread. Responsive to a request from a client, an agent of the client may obtain statistics from the statistics log.

09-06-2012

20120290732

METHODS FOR ASSOCIATING AN IP ADDRESS TO A USER VIA AN APPLIANCE - The present disclosure describes methods and systems for efficiently assigning, managing and querying virtual private network (VPN) addresses intranet IP (IIP) addresses of users, such as SSL VPN users on an enterprise network. The disclosure describes techniques and policies for assigning previously-assigned VPN addresses of a user to subsequent sessions of the user as the user logs in multiple times or roams between access points. The disclosure also describes a configurable user domain naming policy so that one can query the VPN address of a user by an easily referable host name identifying the user. The appliance and/or client agent provides techniques for applications to seamlessly and transparently communicate on the VPN using the VPN address of the user or client on the private network.

11-15-2012

20130007239

SYSTEMS AND METHODS FOR TRANSPARENT LAYER 2 REDIRECTION TO ANY SERVICE - The present solution is directed to providing, transparently and seamlessly to any client or server, layer 2 redirection of client requests to any services of a device deployed in parallel to an intermediary device. An intermediary device deployed between the client and the server may intercept a client request and check if the request is to be processed by a service provided by one of the devices deployed in parallel with the intermediary device. The service may be any type and form of service or feature for processing, checking or modifying the request, including a firewall, a cache server, an encryption/decryption engine, a security device, an authentication device, an authorization device or any other type and form of service or device described herein. The intermediary device may select the machine to process the request and use layer 2 redirection to the machine. The intermediary device may change a Media Access Control (MAC) address of a destination of the request to a MAC address of the selected machine. Once the selected machine processes the request, the intermediary device may receive from this machine a response to processing the request. The intermediary device may then continue processing the request of the client responsive to the response from the machine or in response to identifying that the response to the request is from that particular selected machine. The forwarding to and processing by the parallel deployed machine may be performed seamlessly and transparently to the server and/or client.

01-03-2013

20130046876

SYSTEMS AND METHODS FOR GSLB SITE PERSISTENCE - The present invention maintains site persistence in a hierarchical Global Server Load Balancing (GSLB) deployment. Via configuration of GSLB services locally and remotely on each of the GSLB appliances and LB appliances at a site, a site appliance identifies and associates requests from the GSLB with the site. Furthermore, the site appliance may receive a GSLB cookie with the client request and confirm the request is from the expected GSLB in the site hierarchy. When the load balancer receives a response from a server, the appliance may include the GSLB cookie with the response back to the client. The appliance may also include an LB cookie to identify the server selected by the LB. When the client sends another request, the request may include the GSLB and LB cookie.

02-21-2013

20130145146

SYSTEMS AND METHODS FOR BULK ENCRYPTION AND DECRYPTION OF TRANSMITTED DATA - A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two or more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described.

06-06-2013

20130318232

SYSTEMS AND METHODS FOR PROVIDING DYNAMIC CONNECTION SPILLOVER AMONG VIRTUAL SERVERS - A method for an appliance to switch handling of transport layer connection requests from a first virtual server of the appliance managing a first plurality of services to a second virtual server of the appliance managing a second plurality of services upon exceeding, by the first virtual server, a maximum connection threshold determined dynamically from a status of the first plurality of services. The appliance establishes a predetermined threshold identifying a maximum active transport layer connection capacity for the first virtual server that comprises a sum of a predetermined connection capacity for each of the plurality of services. The appliance determines via monitoring that the status of a service of the plurality of services indicates the service is not available and adjusts the predetermined threshold to comprise the sum of the predetermined connection capacity for each of the plurality of services having a status of available.

11-28-2013

20140133315

SYSTEMS AND METHODS FOR LISTENING POLICIES FOR VIRTUAL SERVERS OF APPLIANCE - The present invention is directed towards a method for using a listening policy for a virtual server on an intermediary device. An intermediary device establishes for a first virtual server a first listening policy with an expression for evaluating packets received by the intermediary device to determine whether the packet may access the first virtual server. The intermediary device listens for packets at a first internet protocol (IP) address and a first port specified for the first virtual server. Then, the intermediary device evaluates the expression of the first listening policy to a first packet received at the first IP address and first port and determines whether to provide the first packet to the first virtual server based on a result of the evaluation.

05-15-2014

20140189132

SYSTEMS AND METHODS FOR GSLB BASED ON SSL VPN USERS - The present invention provides a system and a method for global server load balancing of a plurality of sites based on a number of Secure Socket Layer Virtual Private Network (SSL VPN) users. The SSL VPN users may access servers at each of the plurality of sites. A global server load balancing virtual server (GSLB) may receive a request to access a server. The GSLB virtual server may load balance a plurality of sites wherein each of the plurality of sites may further comprise a load balancing virtual server load balancing users accessing servers via an SSL VPN session. GSLB may receive from a first load balancing virtual server at a first site, a first number of current SSL VPN users accessing servers from the first site via SSL VPN sessions. The GSLB may also receive from a second load balancing virtual server at a second site, a second number of current SSL VPN users of the users accessing servers from the second site via SSL VPN sessions. GSLB may determine to forward the request to one of the first load balancing virtual server of the first site or the second load balancing virtual server of the second site by load balancing SSL VPN users across the plurality of sites based on the first number of current SSL VPN users and the second number of current SSL VPN users.

07-03-2014

20140258390

SYSTEMS AND METHODS FOR MAINTAINING TRANSPARENT END TO END CACHE REDIRECTION - The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifies that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection. The intermediary transmits to the server the request identifying the client IP address as the source IP address and the server IP address as the destination IP address.

09-11-2014

20140304361

SYSTEMS AND METHODS FOR DISTRIBUTED HASH TABLE CONTRACT RENEWAL - The present application is directed towards ASDR table contract renewal. In some embodiments, a core may cache an ASDR table entry received from an owner core such that when the entry is needed again the core does not need to re-request the entry from the owner core. As storing a cached copy of the entry allows the non-owner core to use an ASDR table entry without requesting the entry from the owner core, the owner core may be unaware of an ASDR table entry's use by a non-owner core. To ensure the owner core keeps the ASDR table entry alive, which the non-owner core has cached, the non-owner core may perform contract renewal for each of its recently used cached entries. The contract renewal method may include sending a message to the owner core that indicates which cached ASDR table entries the non-owner core has recently used or accessed. Responsive to receiving the message the owner core may reset a timeout period associated with the ASDR table entry.

10-09-2014

20140304413

SYSTEMS AND METHODS FOR STARTUP ROUND ROBIN ENHANCEMENT - The present solution allows users, such as administrators, to configure slow start parameters for new services. These slow start parameters specify a rate at which requests should be given to a newly added or up service. The users can also choose to automatically increase the load in multiples of the chosen rate by specifying an increment interval. The services are given the configured rate for the interval, and once the interval is reached, the next multiple of the rate of requests is given. The increase of rate of requests is done automatically until an existing service request rate is reached. At that point in time this functionality is disabled and the existing and new services are treated the same.